CVE-2023-41834

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-41834

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41834.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41834

Published

2023-09-19T13:16:22.333Z

Modified

2026-03-14T12:14:53.960438Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser.

Users should upgrade to Apache Flink Stateful Functions version 3.3.0.

References

Affected packages

Git / github.com/apache/flink-statefun

Affected ranges

Type

GIT

Repo

https://github.com/apache/flink-statefun

Events

Introduced

464c9c4757f5b5a5060804491d08a5cf467da271

Last affected

70daa3ab2ed22bcde8779af6ba4fc2ccb1fd6d07

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.2.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41834.json"